<?php

if(!defined('IN_AACMS')) {
	exit('Access Denied');
}

$typearray = array('article', 'sgpage');
$type = !in_array($_GET['type'], $typearray) ? 'article' : $_GET['type'];

$id = intval($_GET['id']);

if($_GET['type'] == 'article') {
	$attach = DB::getRow("SELECT * FROM ".DB::table('article_attachment')." WHERE attachid='$id'");
} elseif($_GET['type'] == 'sgpage') {
	$attach = DB::getRow("SELECT * FROM ".DB::table('sgpage_attachment')." WHERE attachid='$id'");
} elseif($_GET['type'] == 'model') {
	$mid = intval($_GET['mid']);
	$mtable = DB::getOne("SELECT mtable FROM ".DB::table('model')." WHERE mid='$mid'");
	if($mtable) {
		$attach = DB::getRow("SELECT * FROM ".DB::table($mtable.'attach')." WHERE attachid='$id'");
	}
}

if(!$attach) {
	showmessage('parameter_error', dreferer());
}

if($attach['isimage']) {	
	header('Content-Disposition: inline; filename='.$attach['filename']);
	header('Content-Type: image/pjpeg');	
} else {
	header('Content-Disposition: attachment; filename='.$attach['filename']);
}

header('Content-Length: '.$filesize);
$filename = $_G['setting']['attachurl'].'/'.$type.'/'.$attach['attachment'];
echo file_get_contents($filename);

?>